Paketname
nss
Datum
2014-01-20
Advisory ID
MDVSA-2014:012
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in Mozilla NSS:

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla
Network Security Services (NSS) before 3.15.4, when the TLS False
Start feature is enabled, allows man-in-the-middle attackers to spoof
SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic (CVE-2013-1740).

The updated packages have been upgraded to the 3.15.4 version which
is not vulnerable to this issue.

Aktualisierte Pakete

MES5 i586

 f674706b35674107bd7396b1d96fae8e  mes5/i586/libnss3-3.15.4-0.1mdvmes5.2.i586.rpm
 b9b37f74a5e2e2763cba726e025844a3  mes5/i586/libnss-devel-3.15.4-0.1mdvmes5.2.i586.rpm
 fbe175ab0f99db303bc39596d2d87555  mes5/i586/libnss-static-devel-3.15.4-0.1mdvmes5.2.i586.rpm
 4bd2822b4d1a2777fedd75a9825aada9  mes5/i586/nss-3.15.4-0.1mdvmes5.2.i586.rpm
 5a9dd4c42d87798914461b2b023e243a  mes5/i586/nss-doc-3.15.4-0.1mdvmes5.2.i586.rpm 
 5e1b4fc7a38d45ab0ea66e512c165354  mes5/SRPMS/nss-3.15.4-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 ae1f6b351cc0089de9332c06713587eb  mbs1/x86_64/lib64nss3-3.15.4-1.mbs1.x86_64.rpm
 47cc97d305ea700ccc3b9b9864a1b56e  mbs1/x86_64/lib64nss-devel-3.15.4-1.mbs1.x86_64.rpm
 170a2bddb2c52fb6c064ab46712e8e19  mbs1/x86_64/lib64nss-static-devel-3.15.4-1.mbs1.x86_64.rpm
 28a6c953c04032051404e0de6d9cad24  mbs1/x86_64/nss-3.15.4-1.mbs1.x86_64.rpm
 cbd8d85cbdf3cb7746b9b30ca81de9f1  mbs1/x86_64/nss-doc-3.15.4-1.mbs1.noarch.rpm 
 c7fab003b581f6d93577864d562cbbfb  mbs1/SRPMS/nss-3.15.4-1.mbs1.src.rpm

MES5 x86_64

 f7134e0a5323a84b424e73c06eafd861  mes5/x86_64/lib64nss3-3.15.4-0.1mdvmes5.2.x86_64.rpm
 217a2a2bbe77d069a64fe5b103c7f6c6  mes5/x86_64/lib64nss-devel-3.15.4-0.1mdvmes5.2.x86_64.rpm
 29595f8f82d400b726ad55864cc12641  mes5/x86_64/lib64nss-static-devel-3.15.4-0.1mdvmes5.2.x86_64.rpm
 36bc0542da06dcb333dbfaa1a43b62d9  mes5/x86_64/nss-3.15.4-0.1mdvmes5.2.x86_64.rpm
 4bec1f2f9ab2f80686657226bcd2725c  mes5/x86_64/nss-doc-3.15.4-0.1mdvmes5.2.x86_64.rpm 
 5e1b4fc7a38d45ab0ea66e512c165354  mes5/SRPMS/nss-3.15.4-0.1mdvmes5.2.src.rpm

Referenzen